Giter Club home page Giter Club logo

kafka-security-playbook's People

Contributors

1123 avatar ciudilo avatar dabz avatar dependabot[bot] avatar kamir avatar mitchell-h avatar nerdynick avatar ogomezso avatar petersilverwood avatar purbon avatar sknop avatar vdesabou avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar

kafka-security-playbook's Issues

ZK login exception in kerberos example

ZK log

zookeeper | [2021-02-05 02:26:36,440] INFO Started ServerConnector@636be97c{HTTP/1.1,[http/1.1]}{0.0.0.0:8080} (org.eclipse.jetty.server.AbstractConnector)
zookeeper | [2021-02-05 02:26:36,440] INFO Started @768ms (org.eclipse.jetty.server.Server)
zookeeper | [2021-02-05 02:26:36,441] INFO Started AdminServer on address 0.0.0.0, port 8080 and command URL /commands (org.apache.zookeeper.server.admin.JettyAdminServer)
zookeeper | [2021-02-05 02:26:36,445] INFO Using org.apache.zookeeper.server.NIOServerCnxnFactory as server connection factory (org.apache.zookeeper.server.ServerCnxnFactory)
zookeeper | [2021-02-05 02:26:36,452] INFO Setting -D jdk.tls.rejectClientInitiatedRenegotiation=true to disable client-initiated TLS renegotiation (org.apache.zookeeper.common.X509Util)
zookeeper | [2021-02-05 02:26:36,470] WARN No password found for user: null (org.apache.zookeeper.server.auth.SaslServerCallbackHandler)
zookeeper | [2021-02-05 02:26:36,472] ERROR Unexpected exception, exiting abnormally (org.apache.zookeeper.server.ZooKeeperServerMain)
zookeeper | java.io.IOException: Could not configure server because SASL configuration did not allow the ZooKeeper server to authenticate itself properly: javax.security.auth.login.LoginException: No password provided
zookeeper | at org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:243)
zookeeper | at org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:646)
zookeeper | at org.apache.zookeeper.server.ZooKeeperServerMain.runFromConfig(ZooKeeperServerMain.java:143)
zookeeper | at org.apache.zookeeper.server.ZooKeeperServerMain.initializeAndRun(ZooKeeperServerMain.java:106)
zookeeper | at org.apache.zookeeper.server.ZooKeeperServerMain.main(ZooKeeperServerMain.java:64)
zookeeper | at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:128)
zookeeper | at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:82)

Example for SASL_SSL with Kerberos

First of all, thank you for this repo, it's awesome, I love it!

This repo has a running example for kerberized Kafka using SASL_PLAINTEXT, it would be great to have an example with SASL_SSL as well.

Does that make sense? If so, I can also contribute it.

Getting invalid volume specification error running kerberos

Env:
windows 10 running minikube 1.7.2 with virtualbox driver, using Gitbash

Problem:

cd /kerberos, and run ./up getting the errors below (unqiue to windows it appears as it works on my mac, using the latest repo)

Successfully built 2e29b2238f98
Successfully tagged kerberos_client:latest
Recreating 3376ac7adf80_kdc ... error

ERROR: for 3376ac7adf80_kdc Cannot create container for service kdc: invalid volume specification: 'C:\dev\code\GitHub\old.kafka-security-playbook\kerberos\kdc\krb5.conf:/etc/kdc/krb5.conf:rw'

ERROR: for kdc Cannot create container for service kdc: invalid volume specification: 'C:\dev\code\GitHub\old.kafka-security-playbook\kerberos\kdc\krb5.conf:/etc/kdc/krb5.conf:rw'

java.lang.ClassNotFoundException: io.confluent.kafka.security.ldap.authorizer.LdapAuthorizer

I am having this problem when using LDAP. I use server.properties in this repositoy

[2020-05-22 04:39:49,183] ERROR Fatal error during SupportedServerStartable startup. Prepare to shutdown (io.confluent.support.metrics.SupportedKafka)
java.lang.ClassNotFoundException: io.confluent.kafka.security.ldap.authorizer.LdapAuthorizer
	at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:348)
	at org.apache.kafka.common.utils.Utils.loadClass(Utils.java:335)
	at org.apache.kafka.common.utils.Utils.newInstance(Utils.java:324)
	at kafka.security.authorizer.AuthorizerUtils$.createAuthorizer(AuthorizerUtils.scala:35)
	at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1382)
	at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1238)
	at kafka.server.KafkaConfig$.fromProps(KafkaConfig.scala:1218)
	at kafka.server.KafkaConfig$.fromProps(KafkaConfig.scala:1215)
	at kafka.server.KafkaConfig.fromProps(KafkaConfig.scala)
	at io.confluent.support.metrics.SupportedServerStartable.<init>(SupportedServerStartable.java:52)
	at io.confluent.support.metrics.SupportedKafka.main(SupportedKafka.java:45)

Kafkacat fails in TLS example

Using the TLS demo works as expected.
I can bring up the cluster and use the produce and consume example as recommended at the end in the script named up.

[OK] -> docker-compose exec kafka kafka-console-producer --broker-list kafka.confluent.local:9093 --topic test --producer.config /etc/kafka/consumer.properties
[OK] -> docker-compose exec kafka kafka-console-consumer --bootstrap-server kafka.confluent.local:9093 --topic test --consumer.config /etc/kafka/consumer.properties --from-beginning

[FAILE] -> docker-compose exec kafka kafkacat -L -b kafka.confluent.local:9093 -F /etc/kafka/kafkacat.conf -C -t test

This is the error message:
kafkacat: error while loading shared libraries: libssl.so.10: cannot open shared object file: No such file or directory

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.